General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free

Hey Everyone!

The Fuel User Group is now part of LIVEcommunity! If you haven’t come across Fuel before, it’s a space where you can connect with fellow cybersecurity folk, share knowledge, and learn from each other. It’s completely free as well! Fue

...

Welcome to the General Topics Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! What happens when a previously unknown App-ID gets added to PA through dynamic updates? How are others handling this situation?

This is a situation that I brought up at work, that we don't really have an answer to. After I brought this situation up a couple of weeks ago, we actually had this exact problem bite us when an App-ID for SCEP was introduced.

Let's say there's a serv

...

There is a question about a SSL decryption for OWA(outlook Web Access).

Hi there.

I have a configuration for SSL Decryption including SSL Certifcation and SSL Decryption policy.

It is working well on a gmail, a facebook and etc, but there is not working a ssl decryption on an OWA.

I can see the owa traffic on the session

...

How to inject OSPF information from PA to other OSPF-Routers

Hello,

we created a IPSec tunnel between Cisco and PA:

Now we have a problem to make the network behind the Cisco Router reachable from the Corporate LAN and the other way (from Corporate LAN to the "Cisco LAN"). Both routers running OSPF. With OSPF we

...

Resolved! Global Protect behind a firewall

Hi,

PaloAlto firewall is behind another firewall(Firewall B).

This firewall B's port 443 busy with another app.So we have to use another port

How should we configure Paloalto portal and gateway.

we used port 18000.

Firewall B --- 2.2.2.2 port 18000 Nat to

...

Commit only a specific set of config changes?

Hi,

Is there any way to commit just a specific set commands to the Palo without committing all changes that are pending? I have an in house written piece of software that is going to make content filtering changes to my Palo's via the XML API. My conc

...

Resolved! Global Protect attack

Hello

Someone could say me, what is the cause of the error?

Palo Alto: Monitor -> System

Receive Time: 08/09 9:22:58
Type: GlobalProtect
Severity: informational
Event: globalprotectportal-auth-fail
Object: Portal_Laptops
Description, GlobalProtect Portal use

...

Blocking an application for all websites except one

I have an Application filter for Streaming Audio and have created a policy to block it. That's going well but I need to allow http-audio which falls under Streaming Audio for one specific site only.

I have created a URL Filtering security profile with

...

terminal Agent - session 0 "no need to handle"

hi all,

I've encauntered the issue with terminal agent mapping.

Everything is working fine for normal users using terminals but for local console Administrator it is pain in the a...

It seems that Terminal Agent is skipping this mapping (local console

...

full url address

Hi,

When looking for url reports from custom reports , some of the url addresses come only with *.domain.com

is there a way to see full address of these url's.Especially google ?

Resolved! Certificate chaining with Captive Portal

Hello,

We have a PA-3020 running PanOS 5.0.0 in L3 deployment. We have just one Private zone and one Public zone for the instance.

I have configured a Captive Portal policy on the Private zone gto ensure that all users that are not authenticated by Use

...

How can I only allow specific source address to insert XML-API request

Hi, all,

As title, everybody can ask PA and insert the URI to do what they want PA to do if people have the plaintext key and correct URI request.

I want to limit the request to only permitted source address, but I cannot find any app-id about it, how

...

Resolved! Cannot log in after 5.0.5 upgrade

After upgrading from PAN-OS 5.0.4 to 5.0.5 and rebooting the primary 3020 of an HA pair, the logins we normally use tied to our Active Directory accounts are not working; they are giving us Invalid Logon messages. These Invalid Logon messages occur

...

Resolved! Virtual IP

Hi

We have a scenario wherein we should create a virtual private IP in Palo Alto and that virtual IP will connect to a public IP. For example:

PA LAN IP: 192.168.1.1

PA PUBLIC IP: 9.9.9.9

Firewall Virtual IP: 192.168.1.254

Public IP: 1.2.3.4

Users will con

...

Resolved! Skype-probe rule catching other traffic

I have implemented the suggested Skype-Probe allow rule in order to block Skype. I have noticed that this rule will also catch traffic that is of the Application type Incomple and Insufficient-data. Just currious as to why it is ending up in this r

...

Resolved! iPad App fails to connect

I have the global protect license and an active global protect subscription. Windows Laptops, Mac Laptops, and Android devices (using the app) can connect and access network resources. However I try with the iPad and it fails immediately. I get "C

...

General Topics

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

Fuel User Group is Now Part of LIVEcommunity – Connect & Learn for Free